OSForensics allows you to identify suspicious files and activity with hash matching, drive signature comparisons, e-mails, memory and binary data. It lets you extract forensic evidence from computers quickly with advanced file searching and indexing and enables this data to be managed effectively.

Search within FilesIf the basic file search functionality is not enough, OSForensics can also create an index of the files on a hard disk. This allows for lightning fast searches for text contained inside the documents. Powered by the technology behind Wrensoft’s acclaimed Zoom Search Engine.

Search for EmailsAn additional feature of being able to search within files is the ability to search email archives. The indexing process can open and read most popular email file formats (including pst) and identify the individual messages.This allows for a fast text content search of any emails found on a system

Recover Deleted FilesAfter a file has been deleted, even once removed from the recycling bin, it often still exists until another new file takes its place on the hard drive. OSForensics can track down this ghost file data and attempt to restore it back to useable state on the hard drive.

Uncover Recent ActivityFind out what users have been up to. OSForensics can uncover the user actions performed recently on the system, including but not limited to:Opened DocumentsWeb Browsing HistoryConnected USB DevicesConnected Network Shares

Collect System InformationFind out what’s inside the computer. Detailed information about the hardware a system is running on:CPU type and number of CPUsAmount and type of RAMInstalled Hard DrivesConnected USB devicesand much more.

View Active MemoryLook directly at what is currently in the systems main memory. Attempt to uncover passwords and other sensitive information that would otherwise be inaccessible.Select from a list of active processes on the system to inspect. OSF can also dump their memory to a file on disk for later inspection.

Extract Logins and PasswordsRecover usernames and passwords from recently accessed websites in common web browsers, including Internet Explorer, Firefox, Chrome and Opera.

V3.2.1001 – 22nd of June 2015Case Manager* E-mail attachment paths now include the attachment index number following the file name (eg. c:email.pst*990*attach.txt:2). This is to distinguish multiple attachments with the same name.Create Index* Fixed some bugs relating to email attachments* New URL format for attachments* Fixed bugs with indexing attachments from mbox (.eml) in nested format* Fixed bug with not indexing From/To details for Mbox attachments* Fixed bug with indexing attachment titles incorrectly* Fixed a bug that was causing “Failed to rename file zoom_pagedata.tmp to …” appear at end of indexingEmail Viewer* When extracting e-mail details, if FILETYPE_UNKNOWN is specified as the e-mail file type, the function will try opening the file with each format until successful* Fixed potential heap corruption when exporting an e-mail with a large text body* Fixed possible memory leakRecent Activity* Added shellbag item from registry files collection and display* Fixed a date conversion issue with Google chrome downloads dateSearch Index* Fixed some results not being filtered into the correct tab (eg. images in e-mail attachments)* E-mail attachments with the same name can now be distinguished properly* When doing bulk adding of items to case, user is no longer prompted when the item already exists in the case after checking the ‘Repeat action’ checkbox.* Fixed various problems related to adding nested attachments/e-mails/archives to case.* For E-mail paths that do not have a message ID in the path, a message ID of “0” is assigned* Fixed issues with the case flags not appearing for some itemsMisc* Fixed some date formatting bugs introduced in the previous build that were causing dates to appear blank

Instructions:

1. Unpack and install
2. Disconnect from internet
3. Use given serial to register
4. Done.